2009 – E. Félix, Security DSL. Toward model-based security engineering: developing a security analysis DSML. Véronique Normand, Edith Félix, Thales Research & Technology.


Agenda
- Security DSML overview
- Introduction
- Context and rationale
- The prototype security DSML
- Status and perspectives

Security DSML overview
- Context: critical information system engineering in an industrial environment.
- A new method to support security risk analysis, based on model-based engineering techniques: a Security Domain-Specific Modelling Language (DSML).
- The Security DSML supports the analysis and assessment of security risks for a system, and the specification of security requirements.
- Status: Technology Readiness Level prototype.

Introduction
- Critical system engineering involves multiple teams: capture, articulation, trade-off and reconciliation between multiple viewpoints over a system architectural design. System security engineering is one such viewpoint.
- The aim is to enhance traditional security risk analysis methodologies with modelling techniques, so that detailed knowledge of the targeted system can be leveraged in close integration with the mainstream system engineering process, and fine-grained analyses of the actual risks at stake can be developed.

Context and rationale
- Stake of risk mitigation: find the right trade-off between risk coverage and cost.
- State of the art: traditional security risk analysis methods (EBIOS, Mehari, Octave, etc.) are based on tables, i.e. they lose the fine-grained view of the architecture.
- Critical systems security engineering methodology (diagram): its steps are marked as either within or out of the scope of the current Security DSL.

Enhancing system security methods (diagram)
- From the real world to a system definition (system design models), then to security and risk analysis (security analysis model), over several system definition viewpoints.
- Advantages: close integration of security analysis with the system model; a management view; finer-grained analyses; governance.

Objectives of the enhancement
- Objective 1: optimize the qualification of risks and the specification of security requirements and related security costs.
- Objective 2: optimize the quality and productivity of security engineering by capitalizing on data from one study to the next, and by automating calculation and consistency checking.
- Objective 3: optimize the quality and productivity of security engineering by sharing common models of the system between system design and security analysis, and thus working on synchronized, consistent models of the system throughout the design process.

Overall process and actors of secure system engineering (diagram, "before models")
- Processes: strategic and business analysis; system engineering; security analysis; system security design.
- Actors: end user, customer, executive; system architect; security analyst; security architect.
- Artefacts exchanged: business needs; system architecture; risk analysis; security requirements; security design; reference security typologies.

Overall process and actors of secure system engineering (diagram, "target")
- Same processes and actors: strategic and business analysis (end user, customer, executive); system engineering (system architect); security analysis (security analyst); system security design (security architect).
- The artefacts become models: business need model; system architecture model; risk analysis and security requirements model; reference security libraries.

Model-driven architecting environment (diagram)
- Four spaces: strategic space; business space (business process analysis and design); system space (system-of-systems architectural analysis and design); technical space (SoS architectural technical design).
- They carry, respectively, business motivation models (capability plan and drivers), computation-independent models of the business operational need, technology-independent models of the overall solution architecture, and technology-specific models of the IT integration solution.
- Cross-cutting engineering viewpoints: time performance engineering, management engineering, security engineering.
Domain Specific Language: a typically small language designed for a particular domain. It stays close to the domain's own concepts, abstracts away technology and implementation details, encapsulates complexity, lets domain experts understand, validate and develop DSL programs that model their specific domain problems, and increases the productivity of domain engineers.

Security DSL task: interactions and workflow (diagram)

Security DSL: problem statement
Goal: rapidly prototype a DSL that supports finer-grained, more formal security analyses exploiting formalized system architecture descriptions.

The risk-related meta-model (diagram)

Linking architecture to the risk analysis meta-model (diagram)

Resulting Security DSL tool (screenshot)

Comparison to existing work
- The research community focuses on attack scenarios, vulnerability cause graphs, use and misuse cases, and attack trees; these are complementary to our work.
- CORAS supports brainstorming sessions between security analysis stakeholders, but does not investigate the integration of the security risk analysis process with the system engineering process.

Current status
- A first iteration of work, in the context of longer-term research aimed at developing an enhanced model-based method for the security engineering of critical information systems.
- Proof-of-concept prototype: the focus was on scoping and capturing a relevant meta-model rather than on developing high-quality diagrammatic notations and tooling, so ergonomics and usability remain to be enhanced.

Perspectives
- Enhance the security analysis DSML in several areas: refine the stakes / needs / damages model for a more precise computation of risk severity; include automated computation formulas and consistency checking rules.
- Integrate the DSML with our system modelling framework: support for multi-disciplinary engineering and the integration of heterogeneous modelling viewpoints.
- Complement the risk analysis DSML with modelling and tools for security solution design and verification, extending the scope to fully address the model-based security engineering target.
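As an added illustration of what the Objectives, meta-model and Perspectives slides describe (a risk meta-model linked to architecture elements, automatic severity computation, consistency checking rules), here is a toy textual security-analysis DSL in Python. It is example code written for this page, not the Thales prototype, and everything in it is an assumption: the statement syntax, the meta-model (components carrying C/I/A security needs, vulnerabilities placed on components, threats that damage one criterion by exploiting vulnerabilities), the 1..4 scales, the severity formula (need on the damaged criterion times exploitability) and the consistency rules. The sample model is constructed and deliberately contains gaps so that the checks have something to report.

```python
"""Toy security-analysis DSML: textual syntax, risk meta-model linked to the
architecture, automatic severity computation and consistency rules.
Constructed example, not the Thales prototype: syntax, meta-model, the 1..4
scales, the severity formula and the rules are all assumptions."""
import re
from collections import namedtuple

# Meta-model (assumed). Components come from the architecture model; the risk
# concepts reference them by name, which is what the consistency rules check.
Component = namedtuple("Component", "name needs")  # needs: {"C": 1..4, "I": 1..4, "A": 1..4}
Vulnerability = namedtuple("Vulnerability", "name component exploitability")  # 1 hard .. 4 trivial
Threat = namedtuple("Threat", "name criterion exploits")  # criterion damaged, vuln names used
Model = namedtuple("Model", "components vulns threats")
Risk = namedtuple("Risk", "threat component vulnerability severity")

# Concrete textual syntax (assumed): one statement per line, '#' comments.
LINE_RULES = [
    ("component", re.compile(r"^component (\w+) needs ((?:[CIA]=\d\s*)+)$")),
    ("vulnerability", re.compile(r"^vulnerability (\w+) on (\w+) exploitability (\d)$")),
    ("threat", re.compile(r"^threat (\w+) targets ([CIA]) exploits ([\w, ]+)$")),
]

def parse(text):
    """Parse DSL text into a Model; an unknown statement raises SyntaxError."""
    model = Model({}, {}, {})
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for kind, rule in LINE_RULES:
            m = rule.match(line)
            if m:
                break
        else:
            raise SyntaxError(f"line {lineno}: cannot parse {line!r}")
        if kind == "component":
            needs = {k: int(v) for k, v in re.findall(r"([CIA])=(\d)", m.group(2))}
            model.components[m.group(1)] = Component(m.group(1), needs)
        elif kind == "vulnerability":
            model.vulns[m.group(1)] = Vulnerability(m.group(1), m.group(2), int(m.group(3)))
        else:
            exploits = [v.strip() for v in m.group(3).split(",")]
            model.threats[m.group(1)] = Threat(m.group(1), m.group(2), exploits)
    return model

def compute_risks(model):
    """One risk per (threat, exploited vulnerability), placed on the component
    carrying the vulnerability. Assumed severity = need on the damaged
    criterion x exploitability. Dangling references are skipped here and
    reported by check_consistency instead."""
    risks = []
    for threat in model.threats.values():
        for vname in threat.exploits:
            vuln = model.vulns.get(vname)
            comp = model.components.get(vuln.component) if vuln else None
            if comp is None:
                continue
            sev = comp.needs.get(threat.criterion, 0) * vuln.exploitability
            risks.append(Risk(threat.name, comp.name, vuln.name, sev))
    return sorted(risks, key=lambda r: r.severity, reverse=True)

CRITICAL_NEED = 3  # assumed: a component with any need >= 3 must carry an analysed risk

def check_consistency(model):
    """Rules a table-based study cannot enforce automatically; returns findings."""
    findings = []
    exploited = {v for t in model.threats.values() for v in t.exploits}
    for v in model.vulns.values():
        if v.component not in model.components:
            findings.append(f"vulnerability {v.name} refers to unknown component {v.component}")
        if v.name not in exploited:
            findings.append(f"vulnerability {v.name} is exploited by no threat")
    for t in model.threats.values():
        for vname in t.exploits:
            if vname not in model.vulns:
                findings.append(f"threat {t.name} exploits unknown vulnerability {vname}")
    covered = {r.component for r in compute_risks(model)}
    for c in model.components.values():
        if max(c.needs.values(), default=0) >= CRITICAL_NEED and c.name not in covered:
            findings.append(f"component {c.name} needs >= {CRITICAL_NEED} but has no analysed risk")
    return findings

# Constructed sample; the gaps in it are deliberate so that the checks fire.
SAMPLE = """\
component WebFront needs C=2 I=3 A=4
component DB needs C=4 I=4 A=3
component HSM needs C=4 I=4 A=2
vulnerability SQLi on WebFront exploitability 3
vulnerability WeakBackup on DB exploitability 2
vulnerability OpenMgmtPort on Mailer exploitability 4
threat DataTheft targets C exploits SQLi, WeakBackup
threat Defacement targets I exploits SQLi
"""

if __name__ == "__main__":
    for r in compute_risks(parse(SAMPLE)):
        print(f"severity {r.severity}: {r.threat} on {r.component} via {r.vulnerability}")
    for f in check_consistency(parse(SAMPLE)):
        print("CHECK:", f)
```

Run as a script, the block ranks the three risks (Defacement on WebFront via SQLi at 9, DataTheft on DB via WeakBackup at 8, DataTheft on WebFront via SQLi at 6) and reports three findings: a vulnerability placed on a component that does not exist in the architecture model, a vulnerability no threat exploits, and a component (HSM) with a high security need that no analysed risk covers. The last two rules are the point: they can only be expressed because the risk model references architecture elements directly, which is the fine-grained view the slides say table-based methods lose.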